Category: Post Exploitation

Background: Getting domain admin access is hardly ever the goal of penetration tests/red team assessments, unless it’s explicitly stated by the client, of course. That said, having DA access in a target’s domain makes it a lot easier to take action on your actual objectives, which is why a lot of us will prioritise acquiring…

Background: During a pentest late last year I got access to a SolarWinds Network Performance Monitor (NPM) application via its web administration console. I got lucky: the admin had just started setting it up and he/she hadn’t gotten around to changing its default credentials. I didn’t think much of the access at first, all I…

Background: On a recent internal pentesting engagement I managed to get an unprivileged shell on one of my client’s servers. It was a business-critical server, so enumerating it and rooting it was the next logical move to make. I always begin my enumeration by running the “uname -a” command to get some basic system…